
Oseana Johnson

Woodbridge, VA

Summary

Results-driven professional with a strong background in Communication Security (COMSEC). Experienced in safeguarding sensitive information by designing and maintaining robust COMSEC protocols. Adept at identifying vulnerabilities, managing risk assessments, and implementing proactive measures to enhance overall information security. Proven ability to integrate COMSEC best practices within the framework of RMF, ensuring a comprehensive and resilient security posture. A dedicated professional committed to securing organizational assets and ensuring regulatory compliance in dynamic and challenging environments to include OCONUS partners.

Overview

14
years of professional experience

Work History

Communications Security Manager / COR

National Nuclear Security Administration
07.2017 - Current

Standardize COMSEC processes and procedures that allow NNSA Office of Information Management to effectively identify, respond, and mitigate emerging threats as a cohesive organization. Duties include:

• Manage end-to-end implementation of cryptographic security measures by ensuring confidentiality and integrity of sensitive communications across the enterprise. This is done by assessing and analyzing potential cybersecurity risks, vulnerabilities, and threats, in conjunction with network and security operation centers by producing actionable reports and recommendations for senior leadership to drive proactive security measures.

• Lead development and execution of COMSEC policies and procedures ensuring strict compliance with the National Security Agency (NSA) guidelines and mitigating vulnerabilities in secure communication systems.

• Conduct regular risk assessments, vulnerability scans, and compliance audits to identify potential threats and vulnerabilities, resulting in timely mitigation of high-risk issues and ensuring compliance with industry standards.

• Perform security audits and assessments to ensure compliance with industry regulations, standards, and best practices.

• Collaborate with senior leadership to align cybersecurity initiatives with overall business goals, ensuring cybersecurity investments are optimized and aligned with organizational priorities.

• Provide guidance on cybersecurity best practices and emerging threats to internal stakeholders, facilitating informed decision-making and enhancing the overall security posture.

• Manage compliance with security standards, ensuring communication security (COMSEC), and providing assurance in the cybersecurity domain by developing short-term and long-term strategic plans to improve risk control and mitigation across enterprise secure networks and small sites.

• Oversee the execution of enterprise COMSEC activities for five accounts and aid in transitioning activities to a common enterprise process covering operations and maintenance, technology adoption, and enhanced protection strategies to include access control and physical and logical security for RD and special programs.

• Conduct comprehensive security assessments and risk evaluations to identify vulnerabilities, threats, and potential impact to the organization.

• Monitor and investigate security incidents to determine root causes and develop incident response strategies.

• Develop and enforce security policies, procedures, and guidelines to promote a security-conscious culture within the organization.

• Collaborate with cross-functional teams to implement security controls, including access controls, encryption, and network segmentation.

• Conduct ongoing monitoring and analysis of security events, logs, and alerts to detect and respond to potential threats.

• Responsible for lifecycle management and proposed budget of COMSEC assets and equipment.

• Stay up-to-date with the latest security trends, vulnerabilities, and emerging technologies through continuous learning and professional development.


Contracting Officer Representative (COR) duties as assigned:


  • Responsible for monitoring and overseeing contractor performance to ensure terms and conditions of the performance work statements are met based on requirements outlined in the contract through service level requirements, key performance indicators, and quality assurance surveillance plans.
  • Serve as the liaison between the contractor and the contracting officer conveying important information and facilitating effective communication between both parties.
  • Review and advise on new proposals and statements of work.
  • Task monitor for Contracts and Procurements, Secure Communications, and Program Management.
  • Track lifecycle management of IT/cyber licenses, services, and equipment.
  • Submit bi-weekly IT/cyber bill of materials for other direct cost (ODC) requests and credit card purchase submissions.

COMSEC and Information Assurance Specialist

NNSA / Criterion Systems
12.2014 - 07.2017
  • Championed the protection of sensitive communications through the meticulous management of cryptographic key material and equipment, resulting in zero unauthorized disclosures of classified information and risk management during tenure by the following:
  • Conducted regular COMSEC security audits and vulnerability assessments, implementing rigorous control measures that prevented unauthorized access and safeguarded the organization's most sensitive data according to national and local telecommunication standards, ensuring compliance with information systems security policies, procedures, and best practices.
  • Maintained accurate system inventory detailing all hardware, software, applications, and credentials accessed and by whom.
  • Created disaster recovery plans and continuity of operations procedures to ensure resilience against cyber attacks or incidents.
  • Advised leadership on regulatory compliance regarding encryption standards and data privacy.
  • Captured customer application requirements from the telecommunications office to design an alternate SharePoint solution for The Office of Information Management COMSEC Material Record (CMR) database hosted within a secure environment supporting enterprise accounts.

Records Management and Service Desk Analyst

Department Of Energy, IN / Data Systems Analyst
06.2010 - 12.2014
  • Helped to lead the critical functions of records management and IT service delivery for the organization. On the records management side, responsible for developing policies and procedures for classifying, retaining, storing, securing, retrieving, and disposing of all paper and electronic records. This involved ensuring that legal, regulatory, and compliance requirements related to records retention and management were met.
  • As the Records Manager and an IT Service Desk Analyst, aided the team by providing frontline technical support and resolution for end-user issues and requests. This required monitoring service desk metrics, identifying opportunities for improvement, and overseeing knowledge management databases.
  • Coordinated with other IT teams to enable seamless end-user support and developed self-help resources to allow end-users to troubleshoot basic issues independently.
  • Conducted periodic audits of records management practices, identifying areas for improvement and implementing solutions to enhance efficiency.
  • Collaborated with IT teams to ensure security of digital records, implementing encryption and access controls to protect sensitive information.
  • Monitored, tracked, and reported on service desk metrics like ticket volume, resolution time, customer satisfaction, etc.
  • Identified opportunities to improve service desk operations, leverage new technologies, and optimize knowledge management databases.
  • Oversaw asset and configuration management of IT hardware and software.

Education

Bachelor of Science - Cybersecurity

American Public University System
Charles Town, WV
03.2025

Associate of Arts - General

Jacksonville College
Jacksonville, TX
05.2005

Skills

  • TS/SCI and Q cleared
  • Special Access Programs
  • Supply Chain Risk Management (SCRM)
  • Contracting Officer Representative (COR)
  • Governance, risk & compliance (FISMA, FIPS 199 / 200, NIST, ISO, HIPAA, FedRAMP)
  • GRC Archer
  • Kali Linux
  • Nessus
  • GemOne Manager
  • Splunk
  • SharePoint
  • Documentation & Report Analysis
  • Process Improvement
  • Inventory Management
